Overview

McDermott is the premier firm for the health care sector and the only health law practice to receive top-tier ratings from The Legal 500 USA, U.S. News-Best Lawyers and Chambers USA. We provide sophisticated counsel to clients on the gamut of health care data privacy and security issues and regularly develop comprehensive health information privacy and security compliance programs for entities regulated by the Health Insurance Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health (HITECH Act) and related state laws.

Our lawyers have helped companies successfully resolve all aspects of countless security breaches and other privacy incidents, including hundreds of matters involving protected health information (PHI) under HIPAA. From cyberattacks and malicious insiders to lost laptops, unsecured data and mailing mishaps, we have handled the full spectrum of PHI incidents. We also regularly negotiate settlements and resolution agreements with the HHS Office for Civil Rights (OCR) arising out of complaint investigations and security breach reports, including serving as lead counsel in connection with multiple OCR investigations of breach matters affecting 500 or more individuals.

We are at the forefront of the design, negotiation and implementation of license agreements and other collaborations among health industry stakeholders for the development and deployment of big-data strategies and cutting-edge health IT. Our team provides seamless advice to clients’ privacy and IT professionals by combining our deep understanding of privacy and security laws and our practical experience in the acquisition and implementation of electronic health record (EHR) systems, enterprise-resource planning systems, data-warehouse technology and other IT systems.

Results

Helped a Fortune 100 pharmaceutical and medical technology company identify corporate divisions subject to HIPAA, assessed the divisions’ compliance with HIPAA privacy and security requirements, prepared a health information privacy and security compliance program for the divisions, and assisted the divisions to implement the program and train affected personnel

Developed and assisted with implementation of information-asset-and-practice inventories and a corresponding comprehensive data privacy and security compliance program for not-for-profit and for-profit covered entities and business associates, including the integration of HIPAA compliance requirements and business objectives

Advised a client comprising a health care delivery system and payer on the structuring of its operations to maximize the permissible use of patient information under HIPAA and other applicable laws

Assisted a large emergency medical physician practice with all aspects of its response to a theft from the client’s medical billing agency of a portable hard drive containing medical billing information for more than 175,000 patients from over 50 jurisdictions; our counsel included drafting a template breach notification letter, providing breach reports to OCR and state regulators, developing talking points for call-center operators responding to affected patients, drafting press releases and media notices, pursuing an indemnification claim to the medical billing agency, and responding to OCR’s investigative data requests in a manner that resulted in successful closure of the matter with without penalty from OCR

Represented a regional health services management company in settlement negotiations with OCR with respect to allegations of HIPAA violations

Advise a large informatics company on the development of a research data acquisition and analysis platform, including federally and privately sourced data

Represented a health industry consortium of academic medical centers on the formation of a strategic partnership with another leading health industry consortium to provide enhanced data warehouse and data analytical capabilities to health providers across the country

We use cookies to improve the functionality and performance of this site. By continuing to use this site, you are providing us with your consent to our use of cookies. Please see our Privacy Policy for details.